Global Internet Threat and Attacks Report for September 16

Customer support forums for the Atomicorp Threat Intelligence system. There is no such thing as a bad question here as long as it pertains to using the TI.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Global Internet Threat and Attacks Report for September 16

Unread post by mikeshinn »

Atomicorp Threat Intelligence RBL
Rule ID Count
-----------------------------------------
350053 29440 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-3 Match)
350051 27687 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI Match)
350052 26508 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-2 Match)
355501 15233 Atomicorp.com WAF Rules: Threat Intelligence Match for Spamming Source on Atomicorp Threat Intelligence RBL (TI-2). See this URL for details http://www.atomicrbl.com/lookup
355503 9451 Atomicorp.com WAF Rules: Threat Intelligence Match for known Brute Force attacker on Atomicorp Threat Intelligence RBL (TI-3). See this URL for details http://www.atomicrbl.com/lookup
355500 7239 Atomicorp.com WAF Rules: Threat Intelligence Match for known Worm Source on Atomicorp Threat Intelligence RBL (TI-1). See this URL for details http://www.atomicrbl.com/lookup
355504 5436 Atomicorp.com WAF Rules: Threat Intelligence Match for Known attacker Source on Atomicorp Threat Intelligence RBL (TI-4). See this URL for details http://www.atomicrbl.com/lookup
350054 4572 Atomicorp.com WAF Rules: Threat Intelligence Match for known Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-4 Match)
350055 1176 Atomicorp.com WAF Rules: Threat Intelligence Match for known multi event Attacker source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup (Previous TI-5 Match)
355506 1077 Atomicorp.com WAF Rules: Threat Intelligence Match for Known multi event attacker Source on Atomicorp Threat Intelligence RBL. See this URL for details http://www.atomicrbl.com/lookup


Top 25 Rules (level 6+)
Rule ID Count
-----------------------------------------
5706 17524 SSH insecure connection attempt (scan).
392301 12683 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
3357 7823 Multiple rapid SASL authentication failures.
60910 7248 Very Slow Wordpress brute force login failures from same IP source.
171303 7134 Known brute force attacker.
31102 5803 Possible DoS Consumption Attack
4151 5607 Multiple Firewall drop events from same source.
60159 5604 Wordpress brute force (fast) login failures
5720 4137 Multiple SSHD authentication failures.
5712 3803 SSHD brute force trying to get access to the system.
300079 3255 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2790 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
11306 2402 FTP brute force (multiple failed logins).
5551 2397 Multiple failed logins in a small period of time.
340162 2236 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
11254 2136 Multiple attempts to login using a non-existent user..
390614 2109 Atomicorp.com WAF Rules: Invalid character in ARGS
340016 1752 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330082 1729 Atomicorp.com WAF Rules: Known Exploit User Agent
330701 1480 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
9750 1382 Dovecot Multiple Authentication Failures.
334009 1328 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336460 1223 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1162 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
60904 927 Rapid SMTP password incorrect events from the same IP source.


Top 25 WAF Rules (level 6+)
Rule ID Count
-----------------------------------------
392301 12683 Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
300079 3255 Atomicorp.com WAF AntiSpam Rules: Possible Spam: Multiple embedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)
330131 2790 Atomicorp.com WAF Rules: Fake Mozilla User Agent String Detected
340162 2236 Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
390614 2109 Atomicorp.com WAF Rules: Invalid character in ARGS
340016 1752 Atomicorp.com WAF Rules: Possible SQL injection attempt detected
330082 1729 Atomicorp.com WAF Rules: Known Exploit User Agent
330701 1480 Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack
334009 1328 Atomicorp.com WAF Rules: Potentially Malicious Open Proxy Connection Attempt
336460 1223 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Open Flash Charts File Upload Attack
341245 1162 Atomicorp.com WAF Rules: Possible SQL injection attack (detectSQLi)
340006 909 Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
300066 849 Atomicorp.com WAF AntiSpam Rules: Spam: Commercial
340361 843 Atomicorp.com WAF Rules: CONNECT method denied
303800 728 Atomicorp.com WAF Rules: Fake Googlebot webcrawler
340095 682 Atomicorp.com WAF Rules: Possible PHP function in Argument - this may be an attack.
336468 629 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Google Maps plugin for Joomla probe
330034 614 Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected
390501 602 Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
318811 499 Atomicorp.com WAF Rules: Possible Attempt to Access unauthorized shell or exploit in WP cache directory
336461 495 Atomicorp.com WAF Rules - Virtual Just In Time Patch: Possible attempt to maliciously access wp-config.php file
347008 432 Atomicorp.com WAF Rules: Suspicious deep path recursion denied
381203 424 Atomicorp.com WAF Rules - Virtual Just In Time Patch: TimThumb Non Image Upload Attempt
330205 380 Atomicorp.com WAF Rules: Joomla Exploit Bot
330791 368 Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.
Post Reply